CVE-2023-0179

7.8 HIGH

📋 TL;DR

A buffer overflow in nf_tables, part of the Linux kernel's Netfilter subsystem, in the code that copies VLAN header bytes for the payload expression. A local attacker who can add nftables rules can trigger it to leak stack and heap kernel addresses and, from there, execute arbitrary code in the kernel; the practical outcome is local privilege escalation to root. Adding rules needs CAP_NET_ADMIN, which on systems that allow unprivileged user namespaces any local user can obtain inside a namespace of their own, so the bug is reachable from an ordinary account on most default installations.

💻 Affected Systems

Products:
  • Linux Kernel
Versions: Kernels that predate the upstream fix merged in January 2023 and its backports to the maintained stable series. The patched package version differs per distribution (distributions that backport keep the upstream version number and bump only the package release), so use your vendor's advisory rather than an upstream version number to decide.
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires nf_tables (Netfilter) to be loadable or built in, which is the case on most distributions, and a way for the attacker to create nftables rules: CAP_NET_ADMIN, which an unprivileged user can obtain inside a user namespace wherever unprivileged user namespaces are allowed (the default on most desktop and many server distributions).

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local attacker gains full root privileges, compromising the entire system and potentially pivoting to other systems.

🟠

Likely Case

Local user escalates privileges to root, gaining complete control over the affected system.

🟢

If Mitigated

Attack fails because the system is patched, because the attacker cannot obtain CAP_NET_ADMIN (unprivileged user namespaces disabled, no privileged account available), or because nf_tables is not loadable. KASLR, SMEP and SMAP raise the cost of exploitation but are not a reliable stop on their own: the overflow itself leaks stack and heap addresses, which is exactly what an attacker needs to defeat KASLR.

🌐 Internet-Facing: LOW - This is a local privilege escalation vulnerability requiring local access.
🏢 Internal Only: HIGH - Any compromised user account or malicious insider could exploit this to gain root access.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local code execution as any user plus the ability to create a user namespace (or an account that already holds CAP_NET_ADMIN), and enough kernel exploitation skill to adapt the memory corruption to the target kernel build. Proof-of-concept exploit code has been published, so treat the bug as weaponized in practice.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Varies by distribution; check vendor advisories for specific patched kernel versions

Vendor Advisory: https://bugzilla.redhat.com/show_bug.cgi?id=2161713

Restart Required: Yes

Instructions:

1. Check your Linux distribution's security advisories for the kernel package version that fixes CVE-2023-0179.
2. Update the kernel package with your package manager (apt, yum or dnf).
3. Reboot the system so the new kernel is actually running; until then the old, vulnerable kernel is still in use.
4. After the reboot, confirm with uname -r that the running kernel is the patched one (a host can have several kernels installed and may boot an older one).

🔧 Temporary Workarounds

Disable Netfilter modules

linux

Unload the nf_tables module (and nfnetlink, which it depends on) if nftables is not needed on the host. Caveats: this also removes any firewall built on nftables (firewalld, ufw and iptables-nft all use it), so have an alternative in place first; rmmod refuses with "module is in use" while rules are loaded or other nft_* modules depend on nf_tables, so flush the ruleset and remove those modules first; and if nf_tables is compiled into the kernel rather than built as a module it cannot be unloaded at all, in which case only the kernel update helps.

sudo rmmod nf_tables
sudo rmmod nfnetlink

Restrict kernel module loading

linux

Prevent the modules from being loaded again. An "install ... /bin/false" line makes every load request fail, including autoloading triggered by the nft tool or iptables-nft opening a Netfilter netlink socket. It only affects future loads, so combine it with the rmmod step above or a reboot. Blocking nfnetlink also affects other users of that interface (for example conntrack tools and ipset), so keep the block to nf_tables unless you have checked that nothing else on the host needs nfnetlink.

echo 'install nf_tables /bin/false' | sudo tee /etc/modprobe.d/disable-nftables.conf
echo 'install nfnetlink /bin/false' | sudo tee /etc/modprobe.d/disable-nfnetlink.conf
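Before running the rmmod commands above it is worth knowing whether nf_tables is removable at all. The following POSIX sh script is an added example written for this page, not tooling from the kernel or any distribution. It reads the /proc/modules format (name, size, refcount, dependents, state, address) and reports whether a module is built into the kernel, absent, or loaded and held by other modules or by loaded rules. The sample /proc/modules line in the comments is constructed, and the SYSFS variable exists only so the sysfs location can be overridden.

```shell
#!/bin/sh
# Added example for this page (not kernel or distribution tooling): check whether
# a module can actually be removed before running rmmod. Reads the /proc/modules
# format, one module per line:
#   name size refcount dependents state address
# e.g. (constructed sample line, not a real capture)
#   nf_tables 245760 3 nft_compat,nft_counter,nft_chain_nat, Live 0xffffffffc0a8d000
# A module compiled into the kernel shows up under /sys/module but never in
# /proc/modules. Assumes a Linux sysfs; SYSFS only exists so that can be overridden.
# Usage: sh module-state.sh nf_tables

SYSFS=${SYSFS:-/sys}

# module_state NAME [MODULES_FILE]: print "loaded REFCOUNT DEPENDENTS",
# "builtin" or "absent". DEPENDENTS is "-" when no other module depends on it.
module_state() {
    found=$(awk -v m="$1" '$1 == m { print $3, $4 }' "${2:-/proc/modules}")
    if [ -n "$found" ]; then
        printf 'loaded %s\n' "$found"
    elif [ -d "$SYSFS/module/$1" ]; then
        printf 'builtin\n'
    else
        printf 'absent\n'
    fi
}

# unload_advice NAME [MODULES_FILE]: explain whether "rmmod NAME" can work.
# Exit 0 when the module is removable (or already absent), 1 when it is not.
unload_advice() {
    mod=$1
    set -- $(module_state "$mod" "${2:-/proc/modules}")
    case $1 in
        builtin)
            echo "$mod is compiled into the kernel: rmmod cannot remove it, only a kernel update helps"
            return 1 ;;
        absent)
            echo "$mod is not loaded: nothing to unload, block future loads via modprobe.d"
            return 0 ;;
        loaded)
            refcount=$2
            deps=${3%,}                      # strip the trailing comma
            [ "$deps" = "-" ] && deps="none (refcount held by loaded rules or open sockets)"
            if [ "$refcount" -eq 0 ]; then
                echo "$mod is loaded and unused: rmmod $mod should succeed"
                return 0
            fi
            echo "$mod is in use (refcount $refcount; dependents: $deps)"
            echo "flush the ruleset and remove the dependents first, or rmmod will fail"
            return 1 ;;
    esac
}

[ $# -gt 0 ] && unload_advice "$1"
```

Run it as `sh module-state.sh nf_tables` on the host; a "builtin" verdict means the rmmod and modprobe.d workarounds do not apply and patching is the only option.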

🧯 If You Can't Patch

  • Disable unprivileged user namespaces where no workload needs them, because that is how an unprivileged attacker obtains the CAP_NET_ADMIN needed to add nftables rules: sysctl user.max_user_namespaces=0 (mainline; note it blocks root as well), or kernel.unprivileged_userns_clone=0 on Debian and Ubuntu kernels that carry that patch. Check first what depends on them (rootless containers, Flatpak, browser sandboxes).
  • Limit who can run code on the host at all: local users, CI runners and container workloads that share the host kernel are the attacker population for this bug.
  • Keep KASLR, SMEP and SMAP enabled (they are on by default on current x86-64 kernels). They raise the cost of exploitation but do not stop it: the bug leaks kernel addresses, which is what defeats KASLR.

🔍 How to Verify

Check if Vulnerable:

Compare the running kernel, not just the installed package: a newer kernel package that has not been booted does not protect you. uname -r gives the running release; match it against the patched version in your distribution's advisory. Distributions that backport fixes (RHEL and derivatives, SUSE, Debian stable) keep the upstream version number and bump only the package release, so compare the full string including the release part, or search the package changelog for the CVE id (for example rpm -q --changelog kernel | grep CVE-2023-0179 on RPM systems, or /usr/share/doc/linux-image-$(uname -r)/changelog.Debian.gz on Debian). If you use kernel live patching, check the live patch status instead, since uname -r does not change.

Check Version:

uname -r

Verify Fix Applied:

After the update and reboot, confirm that uname -r (or the changelog of the package providing that running kernel) corresponds to the patched version named in the vendor advisory.
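The version comparison described above is easy to get wrong by hand when the package release is what carries the fix. The following POSIX sh helper is an added example for this page, not a vendor tool: it compares a running kernel release with the patched version string your distribution names, including the release number after the first "-", so that backported fixes such as 5.15.0-91-generic versus 5.15.0-88-generic compare correctly. All version strings in the comments are illustrations, not the real patched versions for any distribution.

```shell
#!/bin/sh
# Added example for this page, not vendor tooling: compare the running kernel
# release with the patched version string from your distribution's advisory.
# Usage: sh check-kernel.sh PATCHED_VERSION [RUNNING_VERSION]
#   e.g. sh check-kernel.sh 5.15.0-91-generic   (version string is an illustration)

# kver_fields STR: print "major minor patch release" for a release string such as
# "5.15.0-91-generic" -> "5 15 0 91" or "5.14.0-284.11.1.el9_2" -> "5 14 0 284".
# The release field is the leading number after the first '-', 0 when absent;
# it is what changes when distributions backport fixes without bumping the
# upstream version.
kver_fields() {
    printf '%s' "$1" | awk '{
        n = split($0, part, "-")          # part[1] upstream version, part[2] release
        split(part[1], v, ".")
        rel = (n > 1) ? part[2] + 0 : 0   # awk keeps the leading numeric prefix
        printf "%d %d %d %d", v[1] + 0, v[2] + 0, v[3] + 0, rel
    }'
}

# kver_ge A B: exit 0 if release A is the same as or newer than B, 1 otherwise.
kver_ge() {
    set -- $(kver_fields "$1") $(kver_fields "$2")
    for i in 1 2 3 4; do
        eval "a=\$$i; b=\$$((i + 4))"    # i-th field of A and of B
        [ "$a" -gt "$b" ] && return 0
        [ "$a" -lt "$b" ] && return 1
    done
    return 0                             # all four fields equal
}

# check_kernel RUNNING PATCHED: print a verdict; exit 0 when patched, 1 when not.
# Only meaningful when PATCHED comes from the advisory for the same distribution
# and kernel flavour as RUNNING; an upstream version number alone is not enough.
check_kernel() {
    if kver_ge "$1" "$2"; then
        printf 'running %s >= patched %s: fixed\n' "$1" "$2"
        return 0
    fi
    printf 'running %s < patched %s: VULNERABLE, update and reboot\n' "$1" "$2"
    return 1
}

main() {
    patched=$1
    running=${2:-$(uname -r)}
    check_kernel "$running" "$patched"
}

[ $# -gt 0 ] && main "$@"
```

The exit status is usable from configuration management or a fleet-wide SSH loop; the comparison deliberately ignores flavour suffixes such as "-generic" or ".el9_2", so pass the patched version for the flavour you actually run.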

📡 Detection & Monitoring

Log Indicators:

  • Kernel oops, "general protection fault" or "BUG:" messages in dmesg or the journal that name nft_* or nf_tables symbols: a failed or unstable exploitation attempt corrupts kernel memory and frequently crashes before it succeeds
  • Unprivileged users creating user or network namespaces (unshare or clone with CLONE_NEWUSER) followed by nftables activity; with auditd, syscall rules on unshare/clone make this visible, since that namespace is what gives an ordinary user the CAP_NET_ADMIN the bug needs
  • New processes running as uid 0 whose parent is an unprivileged user session
  • If nf_tables has been blocked via modprobe.d, note that the kernel does not log the refused load requests by default; audit execve of nft, iptables and modprobe if you want to see who tries

Network Indicators:

  • Not applicable - local exploit only

SIEM Query:

(source="kernel" AND ("Oops" OR "general protection fault" OR "BUG:") AND ("nft_" OR "nf_tables")) OR (source="audit" AND type="SYSCALL" AND key="userns")

Pseudo-syntax: map source, type and key to your SIEM's field names, and point the second clause at whatever key you gave your user-namespace audit rule.
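One concrete way to get the audit-side signal that the query above relies on, as an added example for this page rather than anything shipped with auditd or the kernel: an auditd rule that records user-namespace creation by regular users, plus an awk filter that pulls the matching SYSCALL records out of audit.log. The rule assumes x86-64 (arch=b64, flags in a0) and an auditctl that accepts the "auid!=unset" spelling; the audit records in the script are constructed samples, not real captures.

```shell
#!/bin/sh
# Added example for this page, not vendor or project tooling. Two pieces:
#  1. an auditd rule that records user-namespace creation by regular users, the
#     step an unprivileged attacker needs to get CAP_NET_ADMIN and reach
#     nf_tables at all;
#  2. an awk filter that extracts the matching SYSCALL records from audit.log.
# Assumptions: x86_64 (arch=b64, clone/unshare flags in a0), an auditctl that
# accepts "auid!=unset", and that clone3() is not covered (its flags are passed
# in a struct, so a0 cannot be filtered).
# Usage: sh userns-audit.sh /var/log/audit/audit.log

# CLONE_NEWUSER is 0x10000000; "a0&0x10000000" matches any unshare/clone whose
# flags include it. Put the line into /etc/audit/rules.d/ or pass it to auditctl.
USERNS_AUDIT_RULE='-a always,exit -F arch=b64 -S unshare,clone -F a0&0x10000000 -F auid>=1000 -F auid!=unset -k userns'

# userns_events [AUDIT_LOG]: print "auid pid comm exe" for every successful
# user-namespace creation tagged with key "userns"; reads stdin without a file.
userns_events() {
    awk '
        /type=SYSCALL/ && /key="userns"/ && /success=yes/ {
            auid = pid = comm = exe = "?"
            for (i = 1; i <= NF; i++) {
                split($i, kv, "=")
                gsub(/"/, "", kv[2])          # comm="x" -> x
                if (kv[1] == "auid") auid = kv[2]
                else if (kv[1] == "pid") pid = kv[2]
                else if (kv[1] == "comm") comm = kv[2]
                else if (kv[1] == "exe") exe = kv[2]
            }
            print auid, pid, comm, exe
        }' "${1:--}"
}

# Constructed sample records (not real captures): one successful unshare by
# uid 1000, an unrelated execve, and one failed unshare that must be ignored.
SAMPLE_AUDIT_LOG='type=SYSCALL msg=audit(1673612345.123:4567): arch=c000003e syscall=272 success=yes exit=0 a0=10000000 a1=0 a2=0 a3=0 items=0 ppid=2001 pid=2044 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts0 ses=3 comm="nsprobe" exe="/tmp/nsprobe" key="userns"
type=SYSCALL msg=audit(1673612350.500:4580): arch=c000003e syscall=59 success=yes exit=0 a0=55d0 a1=55e0 a2=55f0 a3=0 items=2 ppid=2001 pid=2050 auid=1000 uid=1000 gid=1000 comm="ls" exe="/usr/bin/ls" key=(null)
type=SYSCALL msg=audit(1673612360.001:4590): arch=c000003e syscall=272 success=no exit=-1 a0=10000000 a1=0 a2=0 a3=0 items=0 ppid=2001 pid=2061 auid=1000 uid=1000 gid=1000 comm="nsprobe" exe="/tmp/nsprobe" key="userns"'

[ $# -gt 0 ] && userns_events "$1"
```

Feed the output into your SIEM or a cron job; on a server where no user should ever create user namespaces, a single line from this filter is worth an alert on its own, and correlating it with a kernel oops naming nft_* symbols shortly afterwards is a strong sign of an exploitation attempt.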
